At Deliveroo, it is our mission to build the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when they want it.
We are a technology-driven company at the forefront of the fastest expanding industry in the world. We are still a small team, making a very large impact, looking to answer some of the most interesting questions out there.
We are looking for an experienced and Senior Third-party Security Specialist with excellent partner management skills to join our fast-growing Security function. You'll design and operate Deliveroo's approach for managing the security risk of third parties. You will work with partners across the business to assess the security risks of suppliers and create practical solutions or make informed decisions about the identified risks.
You'll directly affect how Deliveroo works with hundreds of suppliers and manage risks. As we continue to increase our security maturity, your role in driving sound management of third-party security risk across the company will play a major part in our story.
Our office location in India is in Hyderabad and are preferably looking for you to be be based onsite there. We might however consider fully remote working from other India cities. You will report to our Head of Security Risk Management.
What you'll do:
- Design, embed and manage a scalable third-party security risk management policy, taking into account business context and industry standards, regulatory requirements and partner expectations
- Define the security requirements and contractual obligations for suppliers proportional to the risk they present
- Assess the security risks of suppliers and advise the business on appropriate controls to reduce them
- Perform onboarding and periodic assurance reviews of supplier controls
- Track risks and remediation actions related to third-party suppliers
- Respond to third-party security questionnaires
- Support the security incident response team in the event of a supplier security incident
- Produce and deliver management reporting of third-party security risks to relevant committees and partners
You'll have the following experience:
- 6+ years experience in third-party security risk management in a fast-paced business
- Experience conducting supplier security reviews and having difficult conversations with internal and external partners
- Previously defined processes for managing third-party security risk and assurance
- Experience using commercial third-party risk management tools, such as OneTrust
- Comfortable working with different partners across the business in technical and non-technical roles
- Familiar with security standards such as ISO27001, NIST and SOC2
- Relevant industry certifications such as CISM, CRISC, CISA or CISSP
Benefits:
Holiday Policy - 15 days leave each year (which increases with length of service) and 12 days casual leave and 9 days public holiday.
Childcare - Deliveroo reimburses 70% of daycare expenses, up to a maximum of INR 10000 per month.
Other Benefits: Medical insurance, healthcare, home office expenses and online learning portals.
Diversity
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander.
